techboard.io

Let’s encrypt

5 months ago, Written by , Posted in Uncategorized
Key to encryption (Photo by Matt Artz on Unsplash)


What is “Let’s Encrypt”?

Let’s Encrypt is a trusted certificate authority that has made it possible to automatically generate free certificates since September 2015. The Mozilla Foundation, the Electronic Frontier Foundation and the University of Michigan cooperated to create the ISRG (Internet Security Research Group), which provides the Let’s Encrypt service.

What are the benefits?

Without going into too much detail, a certificate allows safe access to internet sites. In short, you can read up on the X.509 standard, on which HTTPS, SSL and TLS are based.

The main problem is that, before Let’s Encrypt existed, it was necessary to purchase an expensive trusted certificate.

How does Let’s Encrypt generate free certificates?

Let’s Encrypt has automated the verification that used to be done by a human, that is to say, the verification that the person who asks for the certificate owns the site, server or domain. This is the ACME protocol.

Previously, people who were aware of the security problems created their own self-signed certificates. Unfortunately, browser warnings discouraged users from continuing to the website.

(Screenshots: Chrome and Firefox warnings for a self-signed certificate)

Given these disadvantages, most sites did not offer secure access.

What are the disadvantages of Let’s Encrypt?

The certificates delivered by Let’s Encrypt are valid for only 90 days, which forces you to automate renewal. Renewal automation is quite easy, though; we will see how to do it at the end of this article.

Certbot

Certbot is the official client for requesting a certificate from Let’s Encrypt.

Their site lists the most common combinations of “Web server” and “Operating System”: https://certbot.eff.org

At home (Apache / Ubuntu)

To install Let’s Encrypt:

To request a certificate and load the Apache configuration:

(Screenshots: the first, second and third pages of the Let’s Encrypt installation, followed by the congratulations message)

The result:

(Screenshot: test of the Let’s Encrypt certificate)

To test your certificate

(Screenshot: SSL test with Let’s Encrypt)

Automating the renewal

Certbot has many commands for automatic renewal.

Here are the most useful:

simulates a request for a renewed certificate; it uses the parameters of the current certificate.

If the dry run succeeds, you can create a script with the command

in a cron task or a system command.
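
As an added example (not from the original article or the Certbot project), this Python check classifies a certificate by the days it has left, so that a failed renewal job is noticed before the 90 days run out. The 30-day renewal window is an assumption about Certbot's default behaviour; the 14-day alert threshold, the function names and the sample date are constructed for this illustration.

```python
"""Added example: is automated renewal keeping a 90-day certificate fresh?"""
import socket
import ssl
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # assumption: certbot renews once fewer than 30 days remain
ALERT_DAYS = 14         # assumption: alert threshold chosen for this example


def days_left(not_after: str, now: datetime) -> float:
    """Days until expiry, given notAfter as returned by SSLSocket.getpeercert()."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expiry - now).total_seconds() / 86400


def renewal_status(not_after: str, now: datetime) -> str:
    """Classify a certificate so that a broken renewal job shows up early."""
    remaining = days_left(not_after, now)
    if remaining <= 0:
        return "EXPIRED"
    if remaining < ALERT_DAYS:
        return "RENEWAL_FAILING"  # renewal window opened over two weeks ago
    if remaining < RENEW_WINDOW_DAYS:
        return "RENEWAL_DUE"      # the scheduled renewal should replace it soon
    return "OK"


def fetch_not_after(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Read notAfter from the certificate a live server presents (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    # Constructed sample: a certificate expiring on 1 June 2025, checked on four dates.
    sample = "Jun  1 12:00:00 2025 GMT"
    for day in ("2025-03-10", "2025-05-10", "2025-05-25", "2025-06-02"):
        now = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
        print(day, renewal_status(sample, now), round(days_left(sample, now), 1))
```

To check a real site, pass the result of `fetch_not_after("your.domain")` together with `datetime.now(timezone.utc)` to `renewal_status`.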

Let’s Encrypt: the end of fee-based certificates

Let’s Encrypt has set out to encrypt 100% of the web. There is no doubt that, with their sponsors and their growth, they are on the right track.

Latest posts by Pierre Charrasse (see all)
